資安事件新聞週報 2025/6/16 ~ 2025/6/20

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/6/16 ~ 2025/6/20 1.重大弱點漏洞/後門/Exploit/Zero Day Palo Alto Networks修補Prisma Access Browser、GlobalProtect、PAN-OS弱點 https://www.ithome.com.tw/news/169543 https://www.cyber.gc.ca/en/alerts-advisories/palo-alto-networks-security-advisory-av25-338 Citrix修補NetScaler兩項重大層級漏洞 https://www.ithome.com.tw/news/169656 兩年前兆勤修補的防火牆已知漏洞再傳攻擊行動 https://www.ithome.com.tw/news/169604 VMware NSX存在XSS高風險漏洞 https://www.ithome.com.tw/news/169446 OpenPGP.js存在高風險漏洞，攻擊者有機會繞過訊息簽章驗證機制 https://www.ithome.com.tw/news/169572 網路流量解析工具Wireshark存在高風險漏洞，攻擊者可藉特製封包觸發DoS攻擊 https://www.ithome.com.tw/news/169460 趨勢科技與Palo Alto Networks 發布多項重要安全更新 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11959 趨勢科技產品存在多項高風險漏洞 https://www.ithome.com.tw/news/169533 https://success.trendmicro.com/en-US/solution/KA-0019926 Microsoft 推出 2025年6月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11949 微軟6月安全更新引發Windows Server DHCP運作問題 https://www.ithome.com.tw/news/169580 Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments https://thehackernews.com/2025/06/hard-coded-b-password-in-sitecore-xp.html Tenable揭露與修補漏洞管理平臺代理程式漏洞，以免攻擊者趁機覆寫Windows系統檔案 https://www.ithome.com.tw/news/169606 Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion https://thehackernews.com/2025/06/ransomware-gangs-exploit-unpatched.html CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability https://thehackernews.com/2025/06/cisa-warns-of-active-exploitation-of.html Veeam修補備份軟體重大漏洞，可導致在備份伺服器遠端執行程式碼 https://www.ithome.com.tw/news/169623 Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication https://thehackernews.com/2025/06/veeam-patches-cve-2025-23121-critical.html 3月公布的Chrome零時差漏洞最新調查結果出爐，駭客組織TaxOff用於部署後門 https://www.ithome.com.tw/news/169627 聯發科修補藍牙驅動程式高風險漏洞 https://www.ithome.com.tw/news/169400 GitLab修補高風險層級的帳號挾持漏洞、缺乏身分驗證漏洞 https://www.bleepingcomputer.com/news/security/gitlab-patches-high-severity-account-takeover-missing-auth-issues/ Linux作業系統元件udisks存在漏洞，攻擊者有機會藉此得到root權限 https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/ IBM修補IBM i平臺備份服務漏洞，包括提升權限與惡意存取的重大漏洞 https://www.ithome.com.tw/news/169595 HashiCorp Nomad存在ACL查詢漏洞，若不處理攻擊者恐用於提升權限 https://gbhackers.com/hashicorp-nomad-acl-lookup/ 4.6萬套資料圖形視覺化Grafana系統尚未修補XSS漏洞而曝險 https://www.ithome.com.tw/news/169578 郵件伺服器Roundcube近滿分重大漏洞有駭客於地下市集兜售利用方法，全球仍有近8.5萬臺恐曝險 https://www.ithome.com.tw/news/169551 Mitel視訊會議協作平臺MiCollab存在重大漏洞，攻擊者可遠端挾持 https://www.securityweek.com/critical-vulnerability-exposes-many-mitel-micollab-instances-to-remote-hacking/ 2.銀行/金融/保險/證券/金融監理新聞及資安 Scattered Spider鎖定美國保險業者的IT支援部門而來 https://thehackernews.com/2025/06/google-warns-of-scattered-spider.html 伊朗大型國有銀行Bank Sepah傳出遭駭造成服務停擺，駭客聲稱摧毀所有資料 https://www.ithome.com.tw/news/169610 伊朗國銀遭駭血汗錢歸零！專家預警金融業潛藏風險被駭衝擊堪比導彈攻擊 https://news.cnyes.com/news/id/6028174 伊朗老牌國營銀行遭駭民眾存款歸零ATM中斷 KPMG提醒台灣金融體系潛藏風險 https://reurl.cc/Z4p7jA 安卓惡意軟體GodFather濫用虛擬化機制挾持銀行、加密貨幣App的帳密 https://www.ithome.com.tw/news/169657 臺灣金融資安新里程碑：台新銀行成臺灣首家以銀行名義加入FIRST的業者 https://www.ithome.com.tw/news/169614 善用微分段強化金融資安 Illumio 扮演金融產業最佳守護神 https://www.ithome.com.tw/pr/169639 企業拒用自然人憑證，背後藏著哪些資安警訊 https://finance.technews.tw/2025/06/18/enterprises-refuse-to-use-natural-person-credentials/ 「自然人憑證」淪詐騙工具　多家銀行暫停線上開戶功能阻詐 https://news.ttv.com.tw/news/11406090011600I 自然人憑證遭詐！金管會提解方銀行不挺視訊有原因 https://money.udn.com/money/story/5613/8813652 自然人憑證開戶防詐機制出爐金管會：最慢9月中全面恢復受理 https://www.ctee.com.tw/news/20250618701965-430301 10家銀行拒用自然人憑證開戶遭痛批金管會：下周開會後儘速恢復 https://reurl.cc/9D2XGO 金管會3招強化管理銀行自然人憑證驗證3個月內恢復 https://www.cna.com.tw/news/afe/202506180244.aspx ATM提款注意了！銀行新制正式啟用，「忘記1規定」小心不能領錢轉帳 https://www.storm.mg/article/11046479 3.信用卡/電子支付/行動支付/pay/支付系統/資安提升交易安全聯卡中心資安加固 https://www.chinatimes.com/newspapers/20250619000467-260208?chdtv Apple Pay再添新成員　18大銀行備戰進北捷 https://www.cardu.com.tw/news/detail.php?57430 新版NFC 15規範將感應距離提升至2公分，比現行版本提升4倍距離 https://www.cool3c.com/article/240877 第三方支付平台幫詐團洗錢60億「旺沛大」負責人等3人遭收押 https://reurl.cc/8DdnnM Alipay+發布首個智能眼鏡全球支付方案　在香港完成首筆交易 https://reurl.cc/2Kpgb4 客家幣7/1正式啟動面額千元共發28萬份 https://reurl.cc/EVEz2g 這次韓國又要贏了？通勤族即將可用 Apple Pay 支付交通費 https://technews.tw/2025/06/17/korea-apple-pay/ 一卡通開放yoxi支付　叫車付款贈8%綠點 https://www.cardu.com.tw/news/detail.php?57393 「跨境支付通」周日上線　有銀行收款送「獎賞錢」 https://today.line.me/hk/v3/article/x2PBekq 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安央行看穩定幣監管建議比照電子支付 https://money.udn.com/money/story/5613/8798538 以色列駭客Predatory Sparrow對伊朗加密貨幣交易所Nobitex下手，銷毀價值9千萬美元的資金 https://www.ithome.com.tw/news/169631 挪威計劃暫時禁止比特幣挖礦 https://hk.investing.com/news/cryptocurrency-news/article-93CH-975136 伊朗平台遭竊大量加密幣！親以色列駭客所為 https://reurl.cc/9D2XEa 仿效信用卡運作模式！美加密貨幣交易所Coinbase推出穩定幣支付服務 https://reurl.cc/8DdnGM 追回2億加密幣黑金！詐團最怕的檢察官合作警察誇：很怕被挖走 https://udn.com/news/story/6841/8812522 Meta 稱加密貨幣內容為「詐騙」，多名幣圈 KOL 帳號慘遭停權 https://abmedia.io/meta-labels-crypto-content-as-scam-multiple-kol-accounts-banned 法國加密貨幣網紅遭綁架　卻因「餘額太少」平安獲釋 https://www.ettoday.net/news/20250618/2980650.htm 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客假冒政府機關與商業夥伴，在臺灣散布惡意軟體HoldingHands RAT、Gh0stCringe https://www.ithome.com.tw/news/169600 針對勒索軟體攻擊事故，聯鈞光電再發重訊表示部分資料遭竊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=164444&SPOKE_DATE=20250613&COMPANY_ID=3450 JavaScript惡意程式碼攻擊行動JSFireTruck橫行，一個月感染逾26萬個網站 https://www.ithome.com.tw/news/169571 Mirai 殭屍網路鎖定 Wazuh 開源資安平台漏洞發動攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11953 北韓駭客在Zoom視訊用AI深偽技術對企業員工網釣，意圖散布macOS惡意軟體 https://www.ithome.com.tw/news/169650 假DeepSeek-R1廣告暗藏BrowserVenom木馬，劫持瀏覽器流量 https://www.ithome.com.tw/news/169590 程式碼協作平臺Gerrit組態配置不當，Google專案恐遭惡意程式碼注入攻擊 https://www.securityweek.com/gerrit-misconfiguration-exposed-google-projects-to-code-injection/ 駭客組織Water Curse鎖定仰賴開源工具的開發者、資安專家，使用GitHub散布惡意程式 https://www.darkreading.com/cyberattacks-data-breaches/water-curse-targets-cybersecurity-pros-github-repos 勒索軟體Bert鎖定Linux系統而來，利用武器化ELF檔從事攻擊 https://gbhackers.com/bert-ransomware-escalates-attacks-on-linux-machines/ 間諜軟體Predator捲土重來，研究人員發現新的基礎設施 https://securityaffairs.com/179036/hacking/new-predator-spyware-infrastructure-revealed-activity-in-mozambique-for-first-time.html 殭屍網路Flodrix鎖定LLM開發工具Langflow而來，意圖發動DDoS攻擊 https://www.ithome.com.tw/news/169626 勒索軟體Anubis加入檔案抹除的破壞功能，受害組織恐無法購買金鑰換回資料 https://www.ithome.com.tw/news/169593 假借瀏覽器更新、提供軟體或服務的名義為幌子，駭客GrayAlpha意圖散布NetSupport RAT https://www.ithome.com.tw/news/169582 惡意NPM、PyPI套件及AI工具鎖定DevOps及雲端環境而來 https://thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html 勒索軟體LockBit遭起底，曝露附屬組織、受害名單、勒索金額等細節 https://cybersecuritynews.com/lockbits-admin-panel-leak/ 勒索軟體Nova聲稱成功入侵臺灣一所大學，攻擊者身分疑為中國APT駭客 https://medium.com/@Billows_Tech/%E8%B3%87%E5%AE%89%E5%A8%81%E8%84%85-%E5%8F%B0%E7%81%A3%E6%9F%90%E7%A7%81%E7%AB%8B%E5%A4%A7%E5%AD%B8%E9%81%AD-nova-%E5%8B%92%E7%B4%A2%E8%BB%9F%E9%AB%94%E6%94%BB%E6%93%8A-%E5%B9%95%E5%BE%8C%E7%8F%BE%E8%B9%A4%E4%B8%AD%E5%9C%8B-apt-489c778a54dd 即時通訊軟體Discord邀請連結遭濫用，駭客藉此散布AsyncRAT及竊資軟體Skuld https://thehackernews.com/2025/06/discord-invite-link-hijacking-delivers.html 勒索軟體駭客鎖定遠端管理軟體SimpleHelp已知漏洞而來 https://thehackernews.com/2025/06/ransomware-gangs-exploit-unpatched.html 勒索軟體Anubis加入檔案撕票功能 https://www.bleepingcomputer.com/news/security/anubis-ransomware-adds-wiper-to-destroy-files-beyond-recovery/ Team46 and TaxOff: two sides of the same coin https://exchange.xforce.ibmcloud.com/osint/guid:6ea18b787c6a4a0dae38f80b166e62be PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments https://thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets https://thehackernews.com/2025/06/discord-invite-link-hijacking-delivers.html Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month https://thehackernews.com/2025/06/over-269000-websites-infected-with.htmlRansomware New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks https://thehackernews.com/2025/06/new-flodrix-botnet-variant-exploits.html New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains https://thehackernews.com/2025/06/new-malware-campaign-uses-cloudflare.html 200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers https://thehackernews.com/2025/06/67-trojanized-github-repositories-found.html BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with macOS Backdoor Malware https://thehackernews.com/2025/06/bluenoroff-deepfake-zoom-scam-hits.html Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign https://thehackernews.com/2025/06/water-curse-hijacks-76-github-accounts.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊新版NFC規格出爐感測距離擴大4倍 https://www.ithome.com.tw/news/169659 Android 16支援外接螢幕桌面模式，手機可雙螢幕獨立多工 https://www.ithome.com.tw/news/169596 川普家族成立Trump Mobile，將推出499美元的美國製手機T1 Phone https://www.ithome.com.tw/news/169587 Graphite間諜軟體利用iOS零點擊漏洞攻擊記者 https://www.ithome.com.tw/news/169558 Meta正式於WhatsApp中導入廣告服務 https://www.ithome.com.tw/news/169581 臉書即將支援Passkey登入 https://www.ithome.com.tw/news/169625 Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement https://thehackernews.com/2025/06/meta-starts-showing-ads-on-whatsapp.html Meta Adds Passkey Login Support to Facebook for Android and iOS Users https://thehackernews.com/2025/06/meta-adds-passkey-login-support-to.html New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft https://thehackernews.com/2025/06/new-android-malware-surge-hits-devices.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力暗網市集Archetyp被執法機關關閉 https://www.securityweek.com/archetyp-dark-web-market-shut-down-by-law-enforcement/ 美國紐約通過AI安全法案，要求業者揭露安全準則 https://www.ithome.com.tw/news/169568 大型加拿大航空業者WestJet遭駭，部分內部系統中斷運作 https://www.bleepingcomputer.com/news/security/westjet-investigates-cyberattack-disrupting-internal-systems/ 英國對基因技術業者23andMe開罰231萬歐元 https://www.bleepingcomputer.com/news/security/uk-fines-23andme-for-profoundly-damaging-breach-exposing-genetics-data/ 針對Chrome憑證撤銷信任，中華電信表示受影響政府機關網站7月底可望全面完成憑證更換 https://www.ithome.com.tw/news/169597 XDSpy駭客利用LNK零時差漏洞攻擊東歐及俄羅斯 https://gbhackers.com/xdspy-threat-actors-exploit-windows-lnk-zero-day-vulnerability/ 衛星網路公司Viasat去年遭中國駭客Salt Typhoon攻擊 https://www.ithome.com.tw/news/169624 駭客組織VexTrio Viper入侵數百個WordPress網站，意圖架設大型惡意流量分派服務 https://cybersecuritynews.com/hundreds-of-wordpress-websites-hacked-by-vextrio-viper-group/ 華盛頓郵報電子郵件系統遭駭，部分負責國安、經濟政策、中國等領域報導的記者帳號被入侵 https://www.ithome.com.tw/news/169591 北韓駭客鎖定烏克蘭政府機關而來，企圖竊取帳密資料 https://gbhackers.com/north-korean-apt-hackers-target-ukrainian-government-agencies/ 俄羅斯駭客利用ASP機制存取受害者Gmail帳號 https://www.ithome.com.tw/news/169655 中國AI新創MiniMax開源支援100萬個Token脈絡長度的M1推理模型 https://www.ithome.com.tw/news/169609 Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict https://thehackernews.com/2025/06/iran-restricts-internet-access-to.html Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider https://thehackernews.com/2025/06/massive-73-tbps-ddos-attack-delivers.html Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents https://thehackernews.com/2025/06/ex-cia-analyst-sentenced-to-37-months.html Exposed Developer Secrets Are a Big Problem. AI is Making Them Exponentially Worse https://thehackernews.com/expert-insights/2025/06/exposed-developer-secrets-are-big.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全網購遇第三方支付詐騙？數發部提醒付款前留意三件事 https://ec.ltn.com.tw/article/breakingnews/5081749 北韓駭客Kimsuky鎖定異議人士，透過臉書、電子郵件及Telegram展開釣魚攻擊 https://www.ithome.com.tw/news/169556 北韓駭客在Zoom視訊用AI深偽技術對企業員工網釣，意圖散布macOS惡意軟體 https://www.ithome.com.tw/news/169650 駭客針對微軟Entra ID帳戶發動密碼潑灑攻擊 https://www.ithome.com.tw/news/169548 微軟預告7月M365將預設封鎖使用舊版身分驗證機制存取檔案 https://www.ithome.com.tw/news/169654 Minecraft玩家遭到鎖定，駭客假借提供作弊工具竊取帳密資料 https://www.bleepingcomputer.com/news/security/stargazers-use-fake-minecraft-mods-to-steal-player-passwords/ 印度租車業者Zoomcar遭駭，8,400萬用戶敏感資料外洩 https://cybersecuritynews.com/zoomcar-hacked/ 160億筆帳密外洩！蘋果、Google、政府單位全中招 https://reurl.cc/qGQ8D0 Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign https://thehackernews.com/2025/06/russian-apt29-exploits-gmail-app.html New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions https://thehackernews.com/2025/06/new-linux-flaws-enable-full-root-access.html E.研究報告/工具 Are Forgotten AD Service Accounts Leaving You at Risk https://thehackernews.com/2025/06/are-forgotten-ad-service-accounts.html Backups Are Under Attack: How to Protect Your Backups https://thehackernews.com/2025/06/how-to-protect-your-backups-from-ransomware-attacks.html Secure Vibe Coding: The Complete New Guide https://thehackernews.com/2025/06/secure-vibe-coding-complete-new-guide.html Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session https://thehackernews.com/2025/06/uncover-lots-attacks-hiding-in-trusted.html F.商業 AI 系統的資安不可視為一般軟體處理！「機器學習安全維運」將成主流 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11947 F5 推出可擴充、具高安全性的雲端原生網路功能，支援 AI 與高頻寬應用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11955 Gartner 發佈雲技術發展六大趨勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11952 Akamai推出DNS狀態管理方案，有效應對DNS安全與合規挑戰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11957 AWS身分安全再進化！率先強制所有帳戶Root使用者啟用MFA，邁向更易實踐的資安設計 https://www.ithome.com.tw/news/169608 Google開始測試能夠連續對話的Search Live語音搜尋功能 https://www.ithome.com.tw/news/169630 Databricks推出整合交易處理與資料分析的AI資料庫Lakebase https://www.ithome.com.tw/news/169566 Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine https://thehackernews.com/2025/06/playbook-transforming-your.html CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk https://thehackernews.com/2025/06/ctem-is-new-soc-shifting-from.html The Hidden Cost of Treating Compliance as an Afterthought https://thehackernews.com/expert-insights/2025/06/the-hidden-cost-of-treating-compliance.html FedRAMP at Startup Speed: Lessons Learned https://thehackernews.com/2025/06/fedramp-at-startup-speed-lessons-learned.html 6 Steps to 24/7 In-House SOC Success https://thehackernews.com/2025/06/6-steps-to-247-in-house-soc-success.html G.政府臺北市公有場地租借系統驚傳遭受網路攻擊一度癱瘓，幕後首腦竟是網球教練 https://news.ltn.com.tw/news/society/breakingnews/5074474 衛福部揭長照3.0目標，加強發展智慧照護 https://www.ithome.com.tw/news/169636 防詐簡訊新機制上路　數位發展部升級三重驗證防詐騙 https://enn.tw/630233/ 防第三方支付助詐團洗錢數發部建能量登錄制度 https://news.pts.org.tw/article/756885 線上申換護照7月起放寬！效期「不足6個月」也適用 https://reurl.cc/1Ky42W H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert https://thehackernews.com/2025/06/tp-link-router-flaw-cve-2023-33538.html 美國警告TP-Link路由器已知漏洞遭到利用 https://www.ithome.com.tw/news/169602 Kia汽車鑰匙、遙控器存在弱點，恐被偷車賊利用 https://cybersecuritynews.com/kia-ecuador-keyless-entry-systems/ I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Season of AI Agents: Build the Future with AI 2025/6/21 https://www.meetup.com/cloud-experts-group/events/307650330/ Elasticsearch x RAG：從架構到部署，帶你學會 RAG 應用實作流程 2025/6/25 https://www.accupass.com/event/2505210739587773218720 2025 TAICS 論壇 2025/6/25 https://www.accupass.com/event/2505200823402070149514 智慧產學新藍圖—智慧教育 x 產業創新 2025/6/26 https://www.accupass.com/event/2505230743101674621110 ISO資安×隱私×AI 三合一內部稽核員訓練課程 2025/6/26 https://www.accupass.com/event/2504140907521623826500 [On-Line] AWS Global Community Gatherings #8 2025/6/27 https://www.meetup.com/awsglobalcommunitygatherings/events/307414965/ ESG再升級 -- 資訊安全如何撐起企業永續力 2025/6/27 https://www.accupass.com/event/2505230142041886681305 Taiwan Robotics Meetup 六月場 2025/6/27 https://www.meetup.com/taipei-robotics-meetup-group/events/308129341/ 2025年6月-iPAS 資訊安全工程師(中級)能力培訓班 2025/6/28 https://www.accupass.com/event/2504240832428194630570 Startup Teaming (Online) 2025/6/28 https://www.meetup.com/startup-agile-bangkok/events/307437160/ CraftCon Taiwan 2025/7/4 https://www.accupass.com/event/2504040359201021066990 2025 鋼索上管理課：國際資安/工安職人達人交流會 2025/7/6 https://www.accupass.com/event/2505010751034173651060 國際證照：AI人工智慧核心能力 2025/7/6 https://www.accupass.com/event/2503161022177054945860 InfoSec Taiwan 2025 國際資安組織大會 2025/7/9 https://csa.kktix.cc/events/infosectaiwan2025 HITCON Cyber Range 2025 企業藍隊競賽 2025/7/18 https://hitcon.kktix.cc/events/hitcon-cyberrange-2025 台灣駭客年會 HITCON Training 2025 2025/7/23 https://hitcon.kktix.cc/events/hitcon-training-2025 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965